Skip to main content
IMA Human Resources Blog

The Latest Phishing Attack: Locked PDFs

by Nicholas R. Merker and Martha Kohlstrand

Ice Miller LLP is an IMA member…

More and more, businesses are reporting a phishing scam that uses a PDF attachment to try to trick the recipient into disclosing his or her email credentials. The email arrives with a PDF attachment that appears to be locked, and the recipient supposedly must type in his or her email address and password in order to unlock it. The PDF looks like this:

When the password is put in, it is transmitted to the attacker – who now has access to the employee’s login credentials.

This phishing attack appears to be randomly targeted at unsophisticated users. To avoid falling prey to this or any other phishing scam, avoid clicking on suspicious links in emails. Hover over a suspicious link with your mouse to make sure it is going to take you where it says it will – if not, don’t click! Remember that PDFs are not typically locked in the way this document appears to be. Watch for typos in emails, which are a common tip-off to phishing scams. And when in doubt, don’t click, and ask your IT department!


To view the original article, click here.